GLSA-200506-13 : webapp-config: Insecure temporary file handling
The remote host is affected by the vulnerability described in GLSA-200506-13 (webapp-config: Insecure temporary file handling). Eric Romang discovered that webapp-config uses a predictable temporary filename while processing certain options, resulting in a race condition. Impact: Successful exploitation...
[SA15054] WebAPP E-Cart Module Shell Command Injection Vulnerability
TITLE: WebAPP E-Cart Module Shell Command Injection...
CVE-2004-2183
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string...
[Full-Disclosure] TWiki search function allows arbitrary shell command execution
VULNERABLE SOFTWARE VERSIONS TWiki http://twiki.org/ - TWiki 20030201 e.g. Debian Sarge - probably later versions - Subversion repository at http://ntwiki.ethermage.net:8181/svn/twiki/trunk at least until revision 3224 including ATTACK VECTORS HTTP GET requests towards the Wiki server typically...
Debian DSA-229-1 : imp - SQL injection
Jouko Pynnonen discovered a problem with IMP, a web-based IMAP mail program. Using carefully crafted URLs a remote attacker is able to inject SQL code into SQL queries without proper user authentication. Even though results of SQL queries aren't directly readable from the screen, an attacker migh...
Important: Red Hat Security Advisory: xpdf security update
Updated Xpdf packages are available that fix a vulnerability where a malicious PDF document could run arbitrary code. Updated 21 July 2003: Updated packages are now available, as the original errata packages did not fix all possible ways of exploiting this vulnerability. Xpdf is an X Window System...
DotBr 0.1 - 'System.php3' Remote Command Execution
source: https://www.securityfocus.com/bid/6866/info The DotBr 'system.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...
DotBr 0.1 - 'Exec.php3' Remote Command Execution
source: https://www.securityfocus.com/bid/6867/info The DotBr 'exec.php3' script is prone to a remote command execution vulnerability. This is due to insufficient sanitization of user-supplied data. Exploitation may result in execution of arbitrary shell commands with the privileges of the...
ASA-0000: GV Execution of Arbitrary Shell Commands
"After" Security Advisory Title: GV Execution of Arbitrary Shell Commands Affects: gv-3.5.8 and probably older versions Advisory ID: ASA-0000 Release Date: 2002-10-01 Author: Marc Bevand bevandm at epita.fr URL: http://www.epita.fr/bevandm/asa/asa-0000 --oOo-- 0. Table of Contents 0. Table of...
Mountain Network Systems WebCart 8.4 - Command Execution
source: https://www.securityfocus.com/bid/3453/info Mountain Network Systems WebCart is a cgi based online shopping suite. An error in the webcart.cgi script allows a remote user to pass an arbitrary shell command which will be executed by...
Brian Stanback bsguest.cgi 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2159/info An input validation vulnerability exists in Brian Stanback's bsguest.cgi, a script designed to coordinate guestbook submissions from website visitors. The script fails to properly filter ';' characters from the user-supplied email address...
Brian Stanback bslist.cgi 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2160/info An input validation vulnerability exists in Brian Stanback's bslist.cgi, a script designed to coordinate mailing lists. The script fails to properly filter ';' characters from the user-supplied email addresses collected by the script. As a resul...
Leif M. Wright simplestguest.cgi 2.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2106/info A vulnerability exists in Leif M. Wright's simplestguest.cgi, a script designed to coordinate guestbook submissions from website visitors. An insecure call to the open function leads...
Leif M. Wright simplestmail.cgi 1.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2102/info A vulnerability exists in Leif M. Wright's simplestmail.cgi, a script designed to coordinate email responses from web forms. An insecurely-structured call to the open function leads t...
FreeBSD-SA-00:01.make
FreeBSD-SA-00:01 Security Advisory FreeBSD, Inc. Topic: Insecure temporary file handling in make(1) Category: core Module: make Announced: 2000-01-19 Affects: All versions before the...